Context

`src/IviCli.Infrastructure/Session/JsonSessionStore.cs:165`
notes that Windows ACL tightening is deferred — session.json
sits under the default user-profile path (`%LOCALAPPDATA%\ivi-cli\`)
and inherits the user's umbrella DACL.

On *nix, the file is mode 0600 (owner-only read/write). On
Windows, it inherits whatever the parent directory grants —
which on a typical lab/test workstation can be too permissive.

Scope

- After write, apply an explicit DACL on Windows that grants
  full control only to the current user SID.
- Use `System.IO.FileSecurity` or
  `Microsoft.Win32.SafeHandles` + `SetKernelObjectSecurity`.
- Validate via `icacls session.json` in an integration test
  (nightly only — relies on Windows runner).

Acceptance

- `icacls %LOCALAPPDATA%\ivi-cli\session.json` shows only
  `<USER>:(F)` (no `BUILTIN\Users`, no `Authenticated Users`).
- Test added under `tests/IviCli.Infrastructure.Tests/Session/`
  with `[Trait("OS","Windows")]` filter.
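Added illustration of the `System.IO.FileSecurity` route from the Scope list together with a check that mirrors the `icacls` acceptance criterion; this is not the project's `JsonSessionStore` code. It assumes .NET 5+ on Windows with the `System.IO.FileSystem.AccessControl` APIs available, and the class and method names (`SessionFileProtection`, `RestrictToCurrentUser`, `IsRestrictedToCurrentUser`) are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical helper; the project would call this right after writing session.json.
static class SessionFileProtection
{
    // Replaces the inherited DACL on `path` with a single ACE (FullControl for the
    // current user) and returns the on-disk descriptor as SDDL for logging/asserting.
    public static string RestrictToCurrentUser(string path)
    {
        if (!OperatingSystem.IsWindows())
            throw new PlatformNotSupportedException("DACLs are Windows-only; *nix relies on mode 0600.");

        SecurityIdentifier currentUser = WindowsIdentity.GetCurrent().User
            ?? throw new InvalidOperationException("Current user SID unavailable.");

        var file = new FileInfo(path);
        FileSecurity acl = file.GetAccessControl();

        // Break inheritance from %LOCALAPPDATA%\ivi-cli\ and drop the inherited ACEs
        // (preserveInheritance: false) so BUILTIN\Users / Authenticated Users no longer apply.
        acl.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);

        // Clear any pre-existing explicit ACEs, then grant the one allow ACE we want.
        foreach (FileSystemAccessRule rule in acl.GetAccessRules(true, false, typeof(SecurityIdentifier)))
            acl.RemoveAccessRuleAll(rule);
        acl.AddAccessRule(new FileSystemAccessRule(currentUser, FileSystemRights.FullControl, AccessControlType.Allow));
        acl.SetOwner(currentUser);

        file.SetAccessControl(acl);

        // Re-read from disk rather than trusting the in-memory object we just built.
        return new FileInfo(path).GetAccessControl()
            .GetSecurityDescriptorSddlForm(AccessControlSections.Access | AccessControlSections.Owner);
    }

    // Same condition the nightly icacls test checks: inheritance off and every ACE,
    // explicit or inherited, belongs to the current user SID.
    public static bool IsRestrictedToCurrentUser(string path)
    {
        SecurityIdentifier? me = WindowsIdentity.GetCurrent().User;
        FileSecurity acl = new FileInfo(path).GetAccessControl();
        if (me is null || !acl.AreAccessRulesProtected) return false;
        foreach (FileSystemAccessRule rule in acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            if (!rule.IdentityReference.Equals(me)) return false;
        return true;
    }
}
```

The nightly test can call `IsRestrictedToCurrentUser` directly and still shell out to `icacls` for the human-readable evidence the acceptance line asks for.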